Google Inc Android vulnerabilities

CVE-2016-6774 [MEDIUM] CWE-200 CVE-2016-6774: An information disclosure vulnerability in Package Manager could enable a local malicious applicatio An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489.

CVE-2016-6767 [MEDIUM] CWE-399 CVE-2016-6767: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604.

CVE-2016-6773 [MEDIUM] CWE-200 CVE-2016-6773: An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local ma An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714.

CVE-2017-0399 [MEDIUM] CWE-200 CVE-2017-0399: An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.

CVE-2016-8395 [MEDIUM] CVE-2016-8395: A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a lo A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. Re

CVE-2017-0395 [MEDIUM] CVE-2017-0395: An elevation of privilege vulnerability in Contacts could enable a local malicious application to si An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4,

CVE-2016-6771 [MEDIUM] CWE-284 CVE-2016-6771: An elevation of privilege vulnerability in Telephony could enable a local malicious application to a An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.

CVE-2016-8403 [MEDIUM] CWE-200 CVE-2016-8403: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, US An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel

CVE-2017-0397 [MEDIUM] CWE-200 CVE-2017-0397: An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.

CVE-2017-0388 [MEDIUM] CWE-200 CVE-2017-0388: An elevation of privilege vulnerability in the External Storage Provider could enable a local second An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Ver

CVE-2016-8408 [MEDIUM] CWE-200 CVE-2016-8408: An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious ap An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408.

CVE-2016-8474 [MEDIUM] CWE-200 CVE-2016-8474: An information disclosure vulnerability in the STMicroelectronics driver could enable a local malici An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972.

CVE-2016-8402 [MEDIUM] CWE-200 CVE-2016-8402: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, US An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel

CVE-2016-6763 [MEDIUM] CWE-284 CVE-2016-6763: A denial of service vulnerability in Telephony could enable a local malicious application to use a s A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456.

CVE-2016-6766 [MEDIUM] CWE-19 CVE-2016-6766: A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an atta A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219.

CVE-2016-8471 [MEDIUM] CWE-200 CVE-2016-8471: An information disclosure vulnerability in the MediaTek driver could enable a local malicious applic An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380.

CVE-2016-8401 [MEDIUM] CWE-200 CVE-2016-8401: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, US An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel

CVE-2017-0400 [MEDIUM] CWE-200 CVE-2017-0400: An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audi An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.

CVE-2017-0396 [MEDIUM] CWE-200 CVE-2017-0396: An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaser An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6

CVE-2016-8462 [MEDIUM] CWE-200 CVE-2016-8462: An information disclosure vulnerability in the bootloader could enable a local attacker to access da An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383.